MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5db22a78bcc0ae5375634bd53679e610b3bad0d251836ca93b7821d4f7d147c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d5db22a78bcc0ae5375634bd53679e610b3bad0d251836ca93b7821d4f7d147c
SHA3-384 hash: 6c2a1df69ed1bf19c0188164d59bb1106c49d527eca23f1638df772f5d12c65c2e62faa7f972ddd00efec7e28f84055f
SHA1 hash: f84160e2b5b48af446f6f04ceecb5ede737ce219
MD5 hash: 562a36e9021f9b6b260e949260c6434c
humanhash: cat-cat-fruit-triple
File name:scan list_001006.scr
Download: download sample
Signature GuLoader
Create hunting rule
File size:81'920 bytes
First seen:2020-05-08 08:57:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1c57f71fbe6698180ec6a63159315a33 (1 x GuLoader)
ssdeep 768:pn1jkwMt/GuMq1rRnb4LViKAo7nT4zewRXeyezIdfeE224Uhdijh:hds+uXQJiy83AsdfPl4UhQt
Threatray 374 similar samples on MalwareBazaar
TLSH FE83E611B9B4DD33E5507AB0EB6AF29ED3266D3098718D1769827B1E2F30916AC3031F
Reporter abuse_ch
Tags:GuLoader scr


Avatar
abuse_ch
Malspam distributing GuLoader:

HELO: martin-iglesias.com
Sending IP: 37.49.230.18
From: Carlos Romero <c.romero@martin-iglesias.com>
Subject: Statement
Attachment: scan list_001006.Z (contains "scan list_001006.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-08 09:36:07 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=2xnsfj4lzqfokn2wgs6vgz46meftxlineumdnsutw6bb2t35cr6a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
087ac99d4d33bb73d2e7e11b592a2a7e07fb775de4c97264d7f3b2e1a51f9669
GuLoader
0de023c805c4aabdc9dab70f5660298017276e1a14ca05683e09ff51a1acf7fa
GuLoader
2cbdede5ce74833cf41b0217a910632c650b72b2cebc323c16395d9e566ac7a6
GuLoader
391bd050efa8e5d02a1d1a5bb174374efce434f2457fdb0ca4c26f92341e4fa5
GuLoader
5d0fe828d087e58c38d1724aeced199e4fb352535621e09ab4875a2f960ddabb
GuLoader
5f642d8b157f2edffe4bdf562b68625062021c6667b52f1b1d87489c4399464d
GuLoader
7f80a6416535bb755c265b940e2c3d6c7b5adda148883e3376a6b2672809a480
GuLoader
a86bee3b0f52b7550c4925208c3fd3633f57a2e3f7523d5b78cda28206c01b69
GuLoader
d730df4850006dea47a1820961961672cc08042a07d4bace39568261d1de2ddc
GuLoader
f7c64b437d10f5483b3a78cbf4a08f22cd829c60515c312d2bd21e1a37e250ce
GuLoader
+ 364 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-72c2b4atgs/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

968588fa3c6dff57b8553e5a96673f38

GuLoader

Executable exe d5db22a78bcc0ae5375634bd53679e610b3bad0d251836ca93b7821d4f7d147c

(this sample)

  
Dropped by
MD5 968588fa3c6dff57b8553e5a96673f38
  
Delivery method
Distributed via e-mail attachment

Comments